Add filters for quantum-debug
only allows ping command here. Fixes bug 1071110 Change-Id: I38f24e40de048845f01dbc07c79bb02acf92da31
This commit is contained in:
Nachi Ueno
parent
b51e36f707
commit
ac47e57497
14
etc/quantum/rootwrap.d/debug.filters
Normal file
14
etc/quantum/rootwrap.d/debug.filters
Normal file
@ -0,0 +1,14 @@
|
||||
# quantum-rootwrap command filters for nodes on which quantum is
|
||||
# expected to control network
|
||||
#
|
||||
# This file should be owned by (and only-writeable by) the root user
|
||||
|
||||
# format seems to be
|
||||
# cmd-name: filter-name, raw-command, user, args
|
||||
|
||||
[Filters]
|
||||
|
||||
# This is needed because we should ping
|
||||
# from inside a namespace which requires root
|
||||
ping: RegExpFilter, /bin/ping, root, ping, -w, \d+, -c, \d+, [0-9\.]+
|
||||
ping6: RegExpFilter, /bin/ping6, root, ping6, -w, \d+, -c, \d+, [0-9A-Fa-f:]+
|
||||
Loading…
Reference in New Issue
Block a user